Chris Farmiloe <> writes:
> I find the current LISTEN / NOTIFY rather limited in the context of
> databases with multiple roles. As it stands it is not possible to restrict
> the use of LISTEN or NOTIFY to specific roles, and therefore notifications
> (and their payloads) cannot really be trusted as coming from any particular
> source.

TBH, nobody has complained about this in the fifteen-plus years that
LISTEN has been around.  I'm dubious about adding privilege-checking
overhead for everybody to satisfy a complaint from one person.

> I'd like to propose a new ASYNC database privilege that would control
> whether a role can use LISTEN, NOTIFY and UNLISTEN statements and the
> associated pg_notify function.

... and if I did think that there were an issue here, I doubt I'd think
that a privilege as coarse-grained as that would fix it.  Surely you'd
want per-channel privileges if you were feeling paranoid about this,
not to mention separate read and write privileges.  But the demand for
that just isn't out there.

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to